The CBL is a separate website on which you can also look up IPs. Spamhaus will tell you if that’s the case and direct you to the CBL here: http://www.abuseat.org/lookup.cgi

Even though my IP was otherwise fine, it was listed in the CBL, and Yahoo kindly made me aware of this as part of an error message I received when trying to send an email. If ever there is an email problem in CentOS, the first place to look is /var/log/maillog. Here’s Yahoo’s very helpful explanation: https://help.yahoo.com/kb/postmaster/SLN5070.html

Turns out that the hostname was not set up yet, so the box would respond as localhost.localdomain. That’s a big fat no-no as far as the CBL people are concerned. Here’s CBL’s explanation:

This IP address is HELO’ing as “localhost.localdomain” which violates the relevant standards (specifically: RFC5321).

The CBL does not list for RFC violations per-se. This _particular_ behaviour, however, correlates strongly to spambot infections. In other words, out of thousands upon thousands of IP addresses HELO’ing this way, all but a handful are infected and spewing junk. Even if it isn’t an infection, it’s a misconfiguration that should be fixed, because many spam filtering mechanisms operate with the same rules, and it’s best to fix it regardless of whether the CBL notices it or not.

So what’s HELO’ing?

HELO is the SMTP command with which a sending server identifies itself to the receiving server when it delivers an email. Without a proper hostname, our server announces itself as localhost.localdomain, and that gets us an immediate blacklist entry.

There is an easy link to de-list the IP in question at the bottom of the CBL page, but it says that we obviously need to fix the problem so that our server passes the test next time. That’s a little trickier.
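As an added example (not part of the original post), this shell function flags names that should never be announced in HELO, such as the localhost.localdomain default described above. The rule set is an illustrative heuristic and the sample names are constructed; it assumes Postfix, where the HELO name normally comes from myhostname.

```shell
#!/bin/sh
# Added example: sanity-check the name a mail server would announce in
# HELO/EHLO before any mail leaves the box. Heuristic rules, not CBL's own.

# helo_name_problem NAME
# Prints why NAME is a poor HELO name and returns 1; returns 0 silently if
# NAME looks like a fully qualified domain name or an address literal.
helo_name_problem() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=${name%.}                      # tolerate one trailing dot
    case $name in
        '')
            echo "empty name"; return 1 ;;
        localhost|localhost.*|*.localdomain)
            echo "placeholder hostname"; return 1 ;;
        '['*']')
            return 0 ;;                 # address literal such as [192.0.2.25]
        *[!a-z0-9.-]*)
            echo "invalid character"; return 1 ;;
        .*|*..*)
            echo "empty label"; return 1 ;;
        -*|*-|*.-*|*-.*)
            echo "label starts or ends with a hyphen"; return 1 ;;
        *.*) ;;                         # at least one dot: keep checking
        *)
            echo "not fully qualified"; return 1 ;;
    esac
    case $name in
        *[!0-9.]*) return 0 ;;          # has a letter or hyphen: a hostname
        *) echo "bare IP address, not a hostname"; return 1 ;;
    esac
}

# Constructed sample names. On a real box pass "$(hostname -f)" or, assuming
# Postfix, "$(postconf -h myhostname)" (smtp_helo_name defaults to it).
for candidate in mail.example.com localhost.localdomain web01 192.0.2.25; do
    if reason=$(helo_name_problem "$candidate"); then
        echo "OK   $candidate"
    else
        echo "FIX  $candidate ($reason)"
    fi
done
```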

How do we test what the server HELO’s as?

We send a test email to helocheck@abuseat.org. The mail will be rejected immediately, but in the rejection we’ll find how the server HELO’d.

Testing this sounds easier than it actually is: this particular server wasn’t set up to be a mail server, and sendmail wasn’t installed. I wanted to keep it that way too. Thankfully, there’s telnet! If it’s not installed, “yum install telnet” will do the trick – it’s a really lightweight package and you can remove it if you don’t need it after the test.

Let’s use telnet to send an email. After each command, wait for the server’s response before typing the next one:

    telnet localhost smtp
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 example.com ESMTP Postfix
    mail from:hello@example.com
    250 2.1.0 Ok
    rcpt to: helocheck@abuseat.org
    250 2.1.5 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    This is a test.
    .
    250 2.0.0 Ok: queued as EBDDEB14D47
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

After quitting telnet, we even get a notification back telling us that something didn’t work. That’s probably the email rejection – as expected. Let’s have a look in /var/log/maillog again to see how the server HELO’d this time:

About Jay Versluis

Jay is a medical miracle known as a Super Survivor. He runs two YouTube channels, five websites and several podcast feeds. To see what else he's up to, and to support him on his mission to make the world a better place, check out his Patreon Campaign.